1 Emergency Alerts as RSS Feeds with Interdomain Authorization Filippo Gioachin 1, Ravinder Shankesi 1, Michael J. May 1,2, Carl A. Gunter 1, Wook Shin.


1 Emergency Alerts as RSS Feeds with Interdomain Authorization
Filippo Gioachin (1), Ravinder Shankesi (1), Michael J. May (1,2), Carl A. Gunter (1), Wook Shin (1)
(1) University of Illinois Urbana-Champaign
(2) University of Pennsylvania

2 Emergency Messaging
- Emergency messaging has requirements we see in other contexts as well
  - Scalability
  - Timeliness
  - Targeted delivery
- Public health emergency messaging has additional requirements
  - Sender integrity and authentication
  - Message integrity
  - Recipient integrity and authentication
  - Wide scale distribution with targeted delivery
- We need interdomain messaging with multiple levels of authentication

3 Emergency Messaging

4 [Diagram labels: auth; alerts]

5 Emergency Messaging
[Diagram labels: alerts; Roles; Permission; Location; Employer; Specialty; Policies for permissions; Access Control Lists; Alert policies; Permissions; Scope; Location]

6 Emergency Messaging
[Diagram labels: alerts; auth token; Alerts summary; Attribute based policies; Summaries]

7 Our approach
- Leverage existing technologies for a scalable interdomain authentication and authorization system
  - Rights as user attributes
  - Policies given in terms of attributes
  - Interdomain federation and trust between state authorities and local organizations
- Alerts as messages with policies
  - Policies based on CDC standardized messaging format
  - Policies defined by CDC, enforced by states
- Alerts provided as summaries
  - Natural mechanism for regularly updating and dynamic content

8 Our approach
- Shibboleth attribute based authentication
  - SAML token based
  - Users authenticate to a local Identity Provider (IdP) which provides a signed attribute cookie
  - Users use the cookie to authenticate to the service provider
- RSS based message feeds
  - XML based message summary format
  - Widely deployed mechanism for distributing links to dynamically updated content
- SSL encryption between nodes
- Result: Shibboleth RSS

9 Contributions
- Architecture and implementation of Shibboleth RSS
- Application to standards based messaging formats
- Scalability and performance estimates from experiments

10 Design Considerations
- What attributes to consider?
  - Attributes from CDC message format: Common Alerting Protocol (CAP) and Public Health Directory Schema (PHINDir)
- What workload to put on server and client?
  - RSS from CAP on the server
  - RSS to HTML done on client
  - Custom user filtering done with JavaScript on client
- How to design policies?
  - Forcing redesign of policies is a burden on alert authors
  - Generic policies will match most messages and speed policy filtering
  - Custom policies can be attached if desired

11 Policy Evaluation
- System architect predefines common policies
- Policy names are associated with each alert
- Policies need to be evaluated only once per request
- User attributes compared once against existing policies and stored for later use
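The evaluation scheme on slides 10 and 11, sketched as an added example that is not code from the Shibboleth RSS project: named policies are predefined, each alert lists policy names, and a user's attributes are checked once and cached before alerts are filtered and summarized as RSS. Policy names, attribute names, alerts and the cache key (which includes the attribute values, an assumption made here so that a changed attribute is re-evaluated) are all constructed for illustration.

```python
from xml.etree import ElementTree as ET

# Constructed policies: name -> {attribute: allowed values}; every attribute must match.
POLICIES = {
    "il-physicians": {"location": {"IL"}, "specialty": {"physician", "epidemiologist"}},
    "public-health-staff": {"employer": {"state-health-dept", "county-health-dept"}},
    "champaign-county": {"location": {"IL"}, "county": {"Champaign"}},
}
# Constructed alerts: each carries policy names only; one satisfied name is enough.
ALERTS = [
    {"id": "a1", "title": "Measles cluster", "policies": ["il-physicians"]},
    {"id": "a2", "title": "Lab reporting change", "policies": ["public-health-staff"]},
    {"id": "a3", "title": "Water advisory", "policies": ["champaign-county", "public-health-staff"]},
    {"id": "a4", "title": "Draft, unreleased", "policies": []},  # no policy: never served
]
_cache = {}

def satisfied_policies(attrs):
    """Compare the user's attributes against every predefined policy in one pass."""
    return frozenset(name for name, rule in POLICIES.items()
                     if all(attrs.get(k) in allowed for k, allowed in rule.items()))

def policies_for(user_id, attrs):
    """Cache per user, keyed on the attribute values too, so a changed or
    withdrawn attribute is re-evaluated instead of reusing an old decision."""
    key = (user_id, tuple(sorted(attrs.items())))
    if key not in _cache:
        _cache[key] = satisfied_policies(attrs)
    return _cache[key]

def filter_alerts(user_id, attrs, alerts=ALERTS):
    """Default deny: an alert is returned only if it names a satisfied policy."""
    granted = policies_for(user_id, attrs)
    return [a for a in alerts if granted.intersection(a["policies"])]

def to_rss(alerts):
    """Summarize the already-filtered alerts as a minimal RSS 2.0 channel."""
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = "Emergency alerts"
    for a in alerts:
        item = ET.SubElement(channel, "item")
        ET.SubElement(item, "title").text = a["title"]
        ET.SubElement(item, "guid").text = a["id"]
    return ET.tostring(rss, encoding="unicode")

if __name__ == "__main__":
    physician = {"location": "IL", "specialty": "physician", "employer": "hospital"}
    print(to_rss(filter_alerts("u1", physician)))
```

Filtering happens on the server before the feed is built, so an alert the user's attributes do not satisfy never reaches the client-side JavaScript filter.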

12 High Level Architecture
[Diagram. Components: Identity Provider; Public Health Directory; Alert Filter; Alert Database; Policies; Alerts to RSS. Step labels as captured: 1 Req; 1: Redirect; 2: Auth; 3; 4; 5: Token; 6; 5; 7: Alerts; 8: RSS]

13 Performance Evaluation
- Vary the number of policies and number of alerts
  - Alerts
    - Small = 128 Kb (54 infos in 15 alerts)
    - Big = 512 Kb (216 infos in 60 alerts)
  - Policies
    - Few = 10 rules
    - Many = 50 rules
- Critical operations
  - SSL tunnel establishment
  - PHP web page processing
  - Policy evaluation
  - Message filtering based on policy
  - Summarizing messages in RSS
  - Transforming RSS to HTML for viewing

14 Performance Evaluation
[Chart; axis label: Downloads per second]

15 Performance Evaluation
- Optimizations:
  - CAP to RSS feed format
  - Cached policies per user
  - Searched for all policies at once
- Results:
  - SSL the biggest performance hit
  - Size of the input matters, not number of policies
[Chart; axis label: Downloads per second]

16 Conclusion
- Shibboleth RSS offers a scalable method for interdomain emergency alerts
  - Attributes let us define policies
  - RSS lets us summarize policies for reading
- Performance penalty reasonable after SSL
  - About 45% - 60% throughput
- Federated trust makes interdomain messaging practical

17 References
- Illinois Security Lab: http://seclab.uiuc.edu
- Shibboleth RSS Project: http://seclab.uiuc.edu/securerss
- Demo video: http://seclab.uiuc.edu/resources/shibbolethRSSDemo.html
- Or Google “Shibboleth RSS”

18 High Level Architecture

